Executive Summary
Summary | |
---|---|
Title | Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20140908-ucse | First vendor Publication | 2014-09-08 |
Vendor | Cisco | Last vendor Modification | 2014-09-08 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to a failure to properly handle a crafted SSH packet. An attacker could exploit this vulnerability by sending a crafted packet to the SSH server running on the Cisco IMC of an affected device, which could result in the Cisco IMC becoming unresponsive. The operating system running on the blade will be unaffected. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUDccEAAoJEIpI1I6i1Mx380EQAJZ/vFS3FAVaZRj/ylDlZEoN rTNQmIXP/8M+gXHUVZQPF5BKXeHOqdEyA+AKOhgttLpuYfIyi/7oYhU9vETWs1dh 4d8/6QG2+6ImYfig8KS8oartWgVyifq389PqprXK1QhuKhU30DgEAV+2nvTDe46n 5XAaQ2mbey47dmdfFkrLNIjpdkjyx07ibj7yaHwsQY0plDH3ldTEIV+Ca1AnA/Dj J9ECXHnWVoqlS3WXPrXWeFLj9OJM+Htq84rYJb1Uc7EoxTUz8NwFmNUzY93esYBJ gev4l6rQHy/m70fPdBXbfuSr4UwsQA4FYjfF60924IPZ63EYsnFICC14doci7CjT JzZ3lyvnmFbiQ/OOdwRTsJjD0knGq5FBAF9WUFfZ3KVnXcq62ztMlCE2BscSZz0/ Yw0wnFrPwmz0VqXJxs+TUeDyq2w/cS8piWO5+XkYTc3dmmRNzf5N0tXE7vekWKhX pmZfaoviY6LoJjzN8BsBTvJ8slAI8ldJ10cEVuuFB3CQSalYrspH8bKXAsu+5T6v 4CoQuwB7alb3l/RUqthpR9uakV6FLG2jVi4WkgcBaPrz7FLo+4k3z6WpLcUXBUpK 81zTK1c2iWhbPEil1zLEHaEwWm4hPp1qAeWEuQH4ahBLbl/pxwXD/xX3vZdDD7Ed HvavuCQ1ZhZRr6nR+EUq =Ydqd END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-09-18 | IAVM : 2014-B-0127 - Cisco Unified Computing System (UCS) E-Series Denial of Service Vulnerability Severity : Category I - VMSKEY : V0054329 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-09-19 | Name : The remote device is running a vulnerable version of Cisco IMC. File : cisco-sa-20140908-ucse.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-10-18 17:22:06 |
|
2014-09-20 13:25:14 |
|
2014-09-11 00:27:21 |
|
2014-09-08 21:22:03 |
|